01-07-2008, 09:59 AM   #7
jonniegirl77
Registered User
 
Join Date: Jan 2008
Posts: 8
OS: XP


Re: Constant Pop-Ups: Smitfraud-C.CoreService

Thank you, Tetonbob!

Here's the C:\Qoobox\ComboFix2.txt:

ComboFix 08-01-07.5 - Jessica Holbrook 2008-01-07 11:20:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.348 [GMT -5:00]
Running from: C:\Documents and Settings\Jessica Holbrook\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Temporary
C:\Program Files\Temporary\kernInstall.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\ETNADiag.exe
C:\WINDOWS\system32\fhhkj.ini
C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mxwphvtb.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\systeminfo3.dll
C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\z1
C:\x.dat
C:\z.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\core


((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.

2008-01-07 11:20 . 2008-01-07 11:20 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-01-07 11:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-07 06:40 . 2008-01-07 06:40 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-05 16:16 . 2008-01-05 16:18 2,996 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-05 16:04 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-05 16:04 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-05 16:04 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-05 16:04 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-05 16:04 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-05 16:04 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-05 12:11 . 2008-01-05 12:11 <DIR> d-------- C:\Deckard
2008-01-05 11:58 . 2008-01-05 11:58 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-05 11:25 . 2008-01-05 11:25 <DIR> d-------- C:\ie-spyad_zo
2008-01-05 11:01 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-05 11:00 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\dcnmvxaqmrrt.sys
2008-01-05 00:07 . 2008-01-05 00:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-04 23:40 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\bydgmoohxubv.sys
2008-01-04 23:24 . 2008-01-05 11:00 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-04 23:24 . 2008-01-05 10:55 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-04 23:24 . 2008-01-05 10:55 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-04 23:24 . 2008-01-05 10:55 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-04 22:56 . 2008-01-04 22:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-04 20:32 . 2008-01-04 20:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-04 20:32 . 2008-01-04 20:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-04 20:26 . 2008-01-04 20:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 20:20 . 2008-01-03 20:20 4,331 --a------ C:\Bringing Baby Home.MDS
2008-01-03 20:08 . 2008-01-03 20:20 2,859,270,144 --a------ C:\Bringing Baby Home.ISO
2008-01-01 22:54 . 2008-01-01 22:54 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-01-01 22:54 . 2008-01-04 23:59 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-01-01 22:52 . 2008-01-02 06:15 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-01 22:52 . 2008-01-02 06:15 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-01 22:52 . 2008-01-02 06:15 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-01 22:52 . 2008-01-02 06:15 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-01 22:50 . 2008-01-02 06:15 <DIR> d-------- C:\Program Files\Symantec
2008-01-01 22:50 . 2008-01-01 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-01 22:40 . 2008-01-04 23:56 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-01 22:30 . 2008-01-01 22:48 159,744 --a------ C:\WINDOWS\system32\hkcmd .exe
2008-01-01 22:30 . 2008-01-01 22:48 135,168 --a------ C:\WINDOWS\system32\igfxtray .exe
2008-01-01 22:30 . 2008-01-01 22:49 131,072 --a------ C:\WINDOWS\system32\igfxpers .exe
2008-01-01 22:15 . 2008-01-03 11:39 <DIR> d-------- C:\Program Files\kernel
2008-01-01 22:15 . 2008-01-01 22:15 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-01-01 22:13 . 2008-01-01 22:13 134 --a------ C:\n.bat
2008-01-01 22:12 . 2008-01-01 23:03 <DIR> d-------- C:\WINDOWS\system32\mr9
2008-01-01 22:12 . 2008-01-01 23:06 <DIR> d-------- C:\WINDOWS\system32\ardCo18
2008-01-01 22:12 . 2008-01-05 00:05 <DIR> d-------- C:\WINDOWS\system32\aj2
2008-01-01 22:12 . 2008-01-02 14:01 <DIR> d--hs---- C:\WINDOWS\SmVzc2ljYSBIb2xicm9vaw
2008-01-01 22:12 . 2008-01-01 22:12 <DIR> d-------- C:\Temp\cEeer12
2008-01-01 22:12 . 2008-01-07 11:22 <DIR> d-------- C:\Temp
2008-01-01 22:12 . 2008-01-01 22:12 <DIR> d-------- C:\Program Files\CloneDVD
2008-01-01 22:12 . 2008-01-01 22:13 <DIR> d-------- C:\Documents and Settings\Jessica Holbrook\Application Data\Vso
2008-01-01 22:12 . 2008-01-01 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVDXStudio
2008-01-01 22:12 . 2008-01-01 22:12 81,920 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\ezpinst.exe
2008-01-01 22:12 . 2008-01-01 22:12 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-01-01 22:12 . 2008-01-01 22:12 47,360 --a------ C:\Documents and Settings\Jessica Holbrook\Application Data\pcouffin.sys
2008-01-01 22:12 . 2008-01-02 14:05 39,936 --a------ C:\WINDOWS\mrofinu1000106.exe.tmp
2008-01-01 22:10 . 2008-01-02 13:28 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-01 21:58 . 2008-01-01 23:17 <DIR> d-------- C:\Program Files\LimeWire
2008-01-01 21:53 . 2008-01-01 21:53 <DIR> d-------- C:\Program Files\DVD Decrypter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 16:00 --------- d-----w C:\Program Files\Google
2008-01-05 16:00 --------- d-----w C:\Program Files\Clipmarks
2008-01-05 00:58 --------- d-----w C:\Program Files\Windows Defender
2008-01-03 16:39 --------- d-----w C:\Program Files\Microsoft Works
2008-01-03 16:39 --------- d-----w C:\Program Files\Lexmark 1200 Series
2008-01-02 18:34 --------- d-----w C:\Documents and Settings\Jessica Holbrook\Application Data\LimeWire
2007-12-03 19:18 --------- d-----w C:\Program Files\CONEXANT
2007-12-03 18:41 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-01 04:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 04:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 04:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 04:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 04:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 04:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 04:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-27 19:36 374 ----a-w C:\Documents and Settings\Jessica Holbrook\Application Data\internaldb6334.dat
2007-11-27 19:32 555 ----a-w C:\Documents and Settings\Jessica Holbrook\Application Data\internaldb8467.dat
2007-11-27 19:32 18,432 ----a-w C:\Documents and Settings\Jessica Holbrook\Application Data\internaldb41.dat
2007-11-26 19:48 --------- d-----w C:\Documents and Settings\Jessica Holbrook\Application Data\ieSpell
2007-11-26 19:46 --------- d-----w C:\Program Files\ieSpell
2007-11-25 02:56 29,832 ----a-w C:\Documents and Settings\Jessica Holbrook\Application Data\GDIPFONTCACHEV1.DAT
2007-11-23 19:24 675,579 ----a-w C:\WINDOWS\PROGRAM.exe
2007-11-21 14:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 14:51 --------- d-----w C:\Program Files\Canon
2007-11-21 14:48 --------- d-----w C:\Program Files\Common Files\Canon
2007-11-18 21:51 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-18 03:19 --------- d-----w C:\Program Files\SigmaTel
2007-11-17 13:23 --------- d-----w C:\Program Files\MSXML 6.0
2007-11-16 23:18 --------- d-----w C:\Program Files\FaxTools
2007-11-16 23:18 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
2007-11-16 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-11-16 18:35 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-16 18:28 --------- d-----w C:\Program Files\Microsoft Works Suite 2002
2007-11-16 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-16 14:48 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-11-16 01:26 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-11-16 01:19 356,352 ----a-w C:\WINDOWS\system32\AegisI5Installer.exe
2007-11-16 01:19 21,393 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-11-16 01:19 21,393 ----a-w C:\WINDOWS\AegisP.sys
2007-11-16 01:19 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2007-11-16 01:19 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2007-11-16 01:19 --------- d-----w C:\Documents and Settings\Default User\Application Data\Intel
2007-11-16 01:18 --------- d-----w C:\Documents and Settings\Jessica Holbrook\Application Data\Intel
2007-11-16 01:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2007-11-16 01:02 --------- d-----w C:\Program Files\BlueTooth
2007-11-16 00:55 --------- d-----w C:\Program Files\Toshiba
2007-11-16 00:36 --------- d-----w C:\Documents and Settings\Jessica Holbrook\Application Data\Toshiba
2007-11-15 19:02 5 ----a-w C:\WINDOWS\system32\drivers\DELL__.MRK
2007-11-15 19:02 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL__.MRK
2007-11-15 18:57 --------- d-----w C:\Program Files\Dell
2007-11-15 18:43 5 ----a-w C:\WINDOWS\system32\drivers\DELL_XPS_MM061 .MRK
2007-11-15 18:43 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL_XPS_MM061 .MRK
2007-11-15 18:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-15 18:02 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2007-11-15 18:00 --------- d-----w C:\Program Files\Intel
2007-11-15 17:58 --------- d-----w C:\Program Files\Broadcom
2007-11-15 17:21 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.
Code:
----a-w            39,792 2008-01-02 03:49:15  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w            28,738 2008-01-02 03:49:08  C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind .exe
----a-w            68,856 2008-01-02 03:49:21  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w           974,848 2008-01-02 03:48:56  C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
----a-w           823,296 2008-01-02 03:48:54  C:\Program Files\Intel\Wireless\Bin\ZCfgSvc .exe
----a-w            61,440 2008-01-02 03:49:27  C:\Program Files\kernel\kernel .exe
----a-w            57,344 2008-01-02 03:49:12  C:\Program Files\Lexmark 1200 Series\lxczbmgr .exe
----a-w         1,694,208 2008-01-02 03:49:27  C:\Program Files\Messenger\msmsgs .exe
----a-w            24,576 2008-01-02 03:49:07  C:\Program Files\Microsoft Works\wkfud .exe
----a-w           331,830 2008-01-02 03:49:05  C:\Program Files\Microsoft Works\WksSb .exe
----a-w           866,584 2008-01-02 03:49:18  C:\Program Files\Windows Defender\MSASCui .exe
----a-w            15,360 2008-01-05 16:58:12  C:\WINDOWS\system32\ctfmon .exe
----a-w           159,744 2008-01-02 03:48:58  C:\WINDOWS\system32\hkcmd .exe
----a-w           131,072 2008-01-02 03:49:01  C:\WINDOWS\system32\igfxpers .exe
----a-w           135,168 2008-01-02 03:48:55  C:\WINDOWS\system32\igfxtray .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-01 22:59 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"kernel"="C:\Program Files\kernel\kernel.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 07:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [ ]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [ ]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [ ]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [ ]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [ ]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [ ]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 00:07 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 23:53 714608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 17:46:00]
BTTray.lnk - C:\Program Files\Dell\Bluetooth Software\BTTray.exe [2004-04-26 17:13:54]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 1854]

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 00:07]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-02 04:11:58 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Jessica Holbrook.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 11:25:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-07 11:27:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-07 16:27:19
.
2008-01-04 12:45:26 --- E O F ---
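The "Files Created" listing in the log above contains three patterns that are worth pulling out mechanically rather than by eye: file names that differ from a Windows system binary only by a space before the extension (ctfmon .exe, hkcmd .exe), a hidden+system directory under C:\WINDOWS whose name, SmVzc2ljYSBIb2xicm9vaw, is unpadded base64 of the profile name printed in the log header, and drivers with random-looking names that share an exact size and original timestamp (dcnmvxaqmrrt.sys and bydgmoohxubv.sys, both 8,576 bytes, 2007-06-08 09:44). The Python below is an added example written for this thread, not ComboFix code and not something the poster or Tetonbob provided. It assumes the line format of the "Files Created" section exactly as printed above; the sample lines are copied from that section, with one ordinary directory entry (CloneDVD) kept in for contrast.

```python
"""Triage helpers for the 'Files Created' section of a ComboFix log.

Added example for this thread, not part of ComboFix or of the original post.
Assumes the line format shown in the log above:
  <created> . <modified> <size|<DIR>> <attrs> <path>
"""
import base64
import re
from collections import defaultdict

# Constructed sample: lines copied from the log above plus one ordinary
# directory entry (CloneDVD) for contrast.
SAMPLE_LISTING = r"""
2008-01-07 11:20 . 2008-01-07 11:20 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-01-05 11:58 . 2008-01-05 11:58 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-05 11:00 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\dcnmvxaqmrrt.sys
2008-01-04 23:40 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\bydgmoohxubv.sys
2008-01-01 22:30 . 2008-01-01 22:48 159,744 --a------ C:\WINDOWS\system32\hkcmd .exe
2008-01-01 22:12 . 2008-01-02 14:01 <DIR> d--hs---- C:\WINDOWS\SmVzc2ljYSBIb2xicm9vaw
2008-01-01 22:12 . 2008-01-01 22:12 <DIR> d-------- C:\Program Files\CloneDVD
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
# Whitespace immediately before a short extension, e.g. "ctfmon .exe".
SPACED_EXT_RE = re.compile(r"\s+\.[A-Za-z0-9]{1,4}$")
# Unpadded base64 alphabet only.
B64_RE = re.compile(r"^[A-Za-z0-9+/]{8,}$")


def parse_listing(text):
    """Return one dict per parsable line; size is None for directories."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = None if e["size"] == "<DIR>" else int(e["size"].replace(",", ""))
        e["dir"], _, e["name"] = e["path"].rpartition("\\")
        entries.append(e)
    return entries


def spaced_extension(entries):
    """Files whose name has a space before the extension.

    'ctfmon .exe' is a different file from the real ctfmon.exe but is easy
    to misread in a process list or an autostart entry.
    """
    return [e["path"] for e in entries if SPACED_EXT_RE.search(e["name"])]


def decode_hidden_b64_dirs(entries):
    """Hidden directories whose long, dotless name is valid base64 of
    printable ASCII; returns (path, decoded text) pairs."""
    hits = []
    for e in entries:
        if e["size"] is not None or "h" not in e["attrs"]:
            continue
        name = e["name"]
        if "." in name or len(name) < 16 or not B64_RE.match(name):
            continue
        padded = name + "=" * (-len(name) % 4)  # restore stripped '=' padding
        try:
            raw = base64.b64decode(padded, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if raw and all(32 <= b < 127 for b in raw):
            hits.append((e["path"], raw.decode("ascii")))
    return hits


def same_size_and_mtime(entries):
    """Groups of differently named files in one directory that share an
    exact size and original timestamp; worth checking as copies of one
    dropped file under different names."""
    groups = defaultdict(list)
    for e in entries:
        if e["size"] is None:
            continue
        groups[(e["dir"].lower(), e["size"], e["modified"])].append(e["path"])
    return [paths for paths in groups.values() if len(paths) > 1]


def triage(text):
    """Run all three checks over a 'Files Created' section."""
    entries = parse_listing(text)
    return {
        "spaced_extension": spaced_extension(entries),
        "hidden_base64_dirs": decode_hidden_b64_dirs(entries),
        "same_size_and_mtime": same_size_and_mtime(entries),
    }


if __name__ == "__main__":
    for check, hits in triage(SAMPLE_LISTING).items():
        print(check)
        for hit in hits:
            print("   ", hit)
```

Run it as a script to print the hits, or pass the text of a log's "Files Created" section to triage(). Hits are leads, not verdicts: the Find3M section above also lists Dell ".MRK" marker files with a space before the extension, which the same check would flag, so confirm each hit against the autostart entries and the deletions section before acting on it.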